How can a "standard Elastic IP" become the External IP for a VPC?

In AWS, I have an IP address I must keep. (end users are manually typing it in for DNS service)

I need to move the DNS server from a standard instance to a VPC base instance. I understand that I can't directly assign the IP to my VPC, but I want to understand techniques in which I can otherwise do it.

For example, is the only option to set up a classic host with 2 NICs, one is my "external" IP, and one is my internal, and then have some kind of port forwarding happen?

What have I done

I've experimented with the VPC wizard and it appears that the "public and private subnets" option deploy an instance of a NAT-ing firewall, that resides on a virtual host. What kind of software is this, and can I deploy it manually in an existing configuration?

Is there an alternative way to deploy port-forwarding as described?


EC2 EIPs, whether in EC2 Classic or in a VPC, operate through a 1:1 NAT. That is, the IP address never actually gets assigned directly to your host. Rather, traffic to/from the associated instance goes through the EC2 NAT infrastructure.

Sadly, EIPs are not portable between EC2 Classic and VPC, so you're out of luck if you were hoping to be able to somehow move this IP into a VPC.

With regards to NAT hosts in a VPC, that is only necessary if you have hosts in the VPC that 1) do not have an EIP assigned and 2) need access to resources outside your VPC. If you assign EIPs to your instances that need access to outside resources, AWS handles the NAT for you. However, if you have instances that do not have EIPs associated, and those instances need outside access, then you'll need to roll your own NAT server or use one of Amazon's pre-configured NAT AMIs. These are nothing special - just a linux server with NAT enabled via iptables and ip forwarding enabled in the kernel.


You can now move the EIP from standard to vpc scope. Check out http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#migrating-eip


It is now possible to migrate an EIP from the standard scope to the VPC scope but you first need to disassociate your Elastic IP from your instance (so you will see a short amount of downtime).

You can then move the Elastic IP to the VPC scope:

allocate classic elastic IP address to instance in VPC

It can take a few minutes to transition over unfortunately and it may look like it has disappeared for a moment (details here). Once it has moved over, you can then allocate it to your instance in VPC.